package com.han.controllers;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import com.han.bom.Professor;
import com.han.bom.Student;
import com.han.bom.User;
import com.han.dao.UserDAO;

/**
 * Servlet implementation class UserChangePasswordServlet
 */
@WebServlet("/UserChangePasswordServlet")
public class UserChangePasswordServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
	private Logger logger = Logger.getLogger(getClass().getName());
	
    /**
     * @see HttpServlet#HttpServlet()
     */
    public UserChangePasswordServlet() {
        super();
        // TODO Auto-generated constructor stub
    }

	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
	}

	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		logger.info("Entered UserChangePasswordServlet POST");
		UserDAO userdao = new UserDAO();
		User user = null;
		String oldPassword=null,newPassword1=null,newPassword2=null;
		
		HttpSession session = request.getSession();
		
		if(session.getAttribute("student")!=null){
			user = (Student)session.getAttribute("student");
		}
		else if(session.getAttribute("professor")!=null){
			user = (Professor)session.getAttribute("professor");
		}
		else{
			
		}
		
		if(request.getParameter("oldPassword")!=null){
			oldPassword = request.getParameter("oldPassword");
		}
		else{
			
		}
		
		if(request.getParameter("newPassword1")!=null){
			newPassword1 = request.getParameter("newPassword1");
		}
		else{
			
		}
		
		if(request.getParameter("newPassword2")!=null){
			newPassword2 = request.getParameter("newPassword2");
		}
		else{
			
		}
		
		MessageDigest digest=null;
		try {
			digest = MessageDigest.getInstance("SHA-256");
		} catch (NoSuchAlgorithmException e) {
			logger.error(e.getMessage(), e);
			e.printStackTrace();
		}
		
		byte[] hash = digest.digest(oldPassword.getBytes("UTF-8"));
		
		StringBuffer hashedPassword = new StringBuffer();
		
		for(int i = 0; i<hash.length;i++){
			hashedPassword.append(Integer.toString((hash[i] & 0xFF) + 0x100, 16).substring(1));
		}
		
		if(user.getPassword().equals(hashedPassword.toString())){
			if(newPassword1.equals(newPassword2)){
				
				hash = digest.digest(newPassword1.getBytes("UTF-8"));
				
				hashedPassword = new StringBuffer();
				
				for(int i = 0; i<hash.length;i++){
					hashedPassword.append(Integer.toString((hash[i] & 0xFF) + 0x100, 16).substring(1));
				}
				
				user.setPassword(hashedPassword.toString());
				
				try {
					userdao.updateUser(user);
				} catch (ClassNotFoundException e) {
					logger.error(e.getMessage(), e);
					e.printStackTrace();
				} catch (SQLException e) {
					logger.error(e.getMessage(), e);
					e.printStackTrace();
				}
				
				response.sendRedirect("Security.jsp");
				
				
			}
		}
		
	}

}
